Data privacy
Beakr handles customer data in accordance with GDPR, CCPA, and applicable data protection regulations. Data Processing Agreements are available for all customers.
Data Processing Agreements (DPA)
Beakr executes Data Processing Agreements with customers who require them, covering GDPR Article 28 requirements. Our DPA addresses:
- Scope and purpose of data processing
- Categories of personal data processed
- Sub-processor authorization and notification
- Data subject rights and assistance
- Data breach notification obligations
- Data return and deletion upon termination
- International data transfer mechanisms
Contact support@thebeakr.com to request our DPA.
GDPR compliance
Beakr implements technical and organizational measures aligned with GDPR requirements:
| GDPR principle | Beakr implementation |
|---|---|
| Lawfulness and transparency | Data processed under contractual basis. Processing activities documented. |
| Purpose limitation | Customer data processed only to provide the contracted service. |
| Data minimization | Only data necessary for service delivery is collected and processed. |
| Accuracy | Users can update their data at any time through the application. |
| Storage limitation | Explicit retention periods for all data types. User-controlled deletion. |
| Integrity and confidentiality | AES-256 encryption at rest, TLS in transit, database-enforced tenant isolation. |
Data subject rights
Beakr supports the exercise of data subject rights:
- Right of access. Users can view and export all their data at any time.
- Right to rectification. Users can update their profile and data through the application.
- Right to erasure. Users can delete individual resources. Full account deletion is available upon request.
- Right to data portability. Data export available in standard formats at the individual and project level.
- Right to restrict processing. Users can disconnect integrations and remove data sources.
Data residency
All Beakr infrastructure runs in AWS us-east-1 (N. Virginia). Customer data at rest (database, file storage, cache, backups) remains within this region.
Data may transit through third-party sub-processors (AI model providers, authentication services) whose infrastructure may span multiple regions. See our sub-processor list for details on each provider. For customers with strict data residency requirements, our single-tenant deployment can be configured in a specific AWS region.
CCPA
For California residents, Beakr acts as a service provider under the CCPA. We do not sell personal information. Users can exercise their rights to know, delete, and opt-out through our application or by contacting privacy@thebeakr.com.
For privacy-related questions, DPA requests, or data subject right exercises, contact privacy@thebeakr.com.